@# Quotes DB     useful, funny, interesting








Comments:

<0> it should have appeared as 192.168.1.1 .. hmm
<0> ooops type in NAT :p
<0> woohoo !!!
<0> works!!!
<0> rob0, robw810, thanks a bunch!! it works great :)
<1> T`: thank rob0 and danieldg - I played no part in that :-)
<0> :)
<0> gonna get something to eat
<0> thanks again guys.. later
<2> How do I use "--to"
<1> xbmodder_lappy: what are you trying to do?



<2> I have two network interfaces, I _do not_ want to let them bridge, I only want to let a couple IPs to be seen on network0 from network1
<1> You wanting to redirect something like say, ftp, to the gateway into a box on the other side of the lan?
<1> or you want specific ip addresses on one side to be routable from the other side?
<2> like this:
<2> 10.0.0.1- 10.0.0.5
<2> >-10.0.0.3 (my box)-<
<2> 10.0.0.2- 10.0.0.8
<2> I want 10.0.0.5 and 8 to be able to see the other end
<2> but not use bridging....
<1> Are they on different subnets?
<2> nope
<1> Well, assuming they *can* see each other right now (this is assuming correct routing tables), then the easiest method (imho) would be to set up rules in the FORWARD chain to DROP/REJECT/ALLOW as desired
<2> they cannot see each other right now.
<1> but the routing part will be much easier to do if you divide each side into a separate subnet
<1> As it stands you'll have to set up a static route for each host
<1> If you *want* them to be on the same subnet (which simplifies some things but complicates others), then bridging is the best way to do what you want (this is, of course, based on my [limited] understanding)
<2> ok
<2> hehe
<2> bridging is horrible!
<2> and too much overhead
<3> Overhead? Little embedded routers do briding.
<3> bridging
<2> like ~100MB/s
<2> if I did this with iptables it will be at 2.4GB/s
<3> Do you have the same IP on both interfaces?
<2> No
<4> rob0: but most routers run BSD not Linux
<4> and, bridging is done between interfaces without Rules
<4> not Bridging across adapters /w SNAT
<4> SNAT is only done on the non-bridged interface on those routers .. e.g, ppp0
<4> and if bridging is enabled on the WAN to LAN for Multi PPPoE or just bridged PPPoE , there is certainly no Firewall Rules taking place
<4> just pure bridging
<4> after my much testing ... with about 300 IPTables Rules , Bridging across it can be horrible with added latency
<4> mind you , that is only for SNAT / DNAT (Conntrack)
<4> with Conntrack Disabled ... it flies
<4> xbmodder_lappy: well then just use Poxy_ARP =P Proxy_ARP (Pseudo Style Bridging)
<2> ok....
<5> public away :(
<6> not really. Irc client not well configured yet
<7> How can I measure the data transferred to a particular port in my machine ?
<7> please help me
<7> How can I measure the data transferred to a particular port in my machine ?
<8> libregeek: iptraf may help
<7> ic
<7> is there anyway to get details on each port ?



<7> Regit: iptraf can't give per port statistics
<8> libregeek: try "statistical breakdown"->"by TCP/UDP port"
<8> then look at the bottom line
<7> ok
<7> Regit: thanks
<7> I got it
<9> hi
<9> I have this script I made with danieldg's help:
<9> http://rafb.net/paste/results/Kh5sCL38.html
<9> it doesn't seem to remove blocked hosts after 3600 seconds though
<10> if you like, it's pretty easy to convert that into script
<9> danieldg: I just don't know where to stick it now for automatic bootup
<10> what distro?
<9> debian
<9> debian sid
<9> is there any other usable distro??
<10> /etc/network/interfaces
<9> ;)
<10> I like debian
<9> you said that yesterday
<9> can you show me how yours looks like
<9> on pastebin/rafb.net
<11> this is mine if it can help you http://mordor.ath.cx/stuff/firewall.html
<10> Roey: http://daniel.6dns.org/misc/interf
<11> I generally write rules in a file, then update-rc.d add firewall defaults 99
<9> mage, danieldg: thanks
<9> ok
<9> so I put the iptables script in /etc/network
<10> that's where I put mine
<9> and then add a pre-up line--that specifies a script to run before it brings that iface up
<9> got it
<9> Mage_: are you sure that url is ok? I get 'host unknown'
<11> mmh yes url is ok
<9> hmm ok
<11> w8
<9> k
<12> hi I'm trying to find out how I can setup an iptables rule that can redirect any incoming connection to port 25 on 192.168.100.1 to go to port 90025 on 192.168.120.1
<12> I don't have any rules at the moment.. no iptables firewall running ... all chains are in accept mode
<10> }btorch{: you want a DNAT rule, and there is no port 90025
<12> that was just an example say its 26 instead of 90025
<10> iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 192.168.120.1:26; the second URL in the topic has more details
<12> thank you
<12> do I need to create the PREROUTING chain first?
<10> no
<10> that's in the nat table, it should already be there
<10> iptables -t nat -vL
<12> ok
<13> hi, I'm using IPsec on my router for blocking of incoming IP with IP filtering. According to my manual, I need to take 2 steps to do so. I don't understand why? First and second filter does the same thing, but reverses source and destination IPs with the same filter rules!
<13> meaning, that I have to use 2 filters to block one IP!
<14> for some reason i keep getting dropped off of my ssh connection to my server, i have iptables installed, and i keep getting a timeout error, i made a change in the sshd_config but that didn't do any good, any suggestions?
<10> does this server handle a lot of tcp connections?
<10> you might need to increase the conntrack_count setting in /proc, or try enabling a keepalive
<10> (actually, that would be conntrack_max, since conntrack_count is read-only)
<14> danieldg: as of now, no it has me sshing into it
<10> hmm, I'm not sure why then. You could add some LOG rules to see if it's iptables that is dropping; I'd also check any NAT devices/firewalls between you and the server
<14> danieldg: the server is connected directly to the internet

